Tutorial 11 Flashcards
Black Hat Hackers:
Malicious hackers who break into systems to steal, destroy, or exploit
data. Their intent is criminal or harmful, such as stealing credit card numbers or spying on
organizations.
Botnets:
Networks of infected computers (zombies) controlled remotely by cybercriminals.
Used to send spam, execute DDoS attacks, or distribute malware.
Distributed Denial of Service (DDoS) Attack:
A cyberattack that floods a server or
network with massive traffic from multiple sources. The goal is to crash or cripple the service,
making it unavailable to legitimate users.
Encryption:
The process of converting data into a coded form to prevent unauthorized
access. Only someone with the decryption key can read the original data.
Firewalls:
Software or hardware that filters and blocks unauthorized access to or from a
private network. Acts as a barrier between a trusted internal network and untrusted external
networks.
Malware:
Short for malicious software (e.g., viruses, worms, trojans). Designed to damage
or disable systems, steal data, or spy on users.
Phishing:
A type of social engineering where attackers trick users into revealing sensitive
info (e.g. passwords). Often done through fake emails or websites posing as legitimate
entities.
Social Engineering:
The use of manipulation or deception to trick people into breaking
security procedures. An example would be pretending to be IT support, or using personal
knowledge to gain trust.
Spyware:
Software that secretly gathers user data without permission. Often bundled with
free downloads or disguised as legitimate software.
White Hat Hackers:
Ethical hackers who test and identify vulnerabilities in systems to help
improve security. Hired by companies for penetration testing or audits.
Motivations for attacks:
-Financial theft
-Identity theft
-Revenge
-Espionage
-Cyberwarfare
-Terrorism
-Protest (hacktivism)
-Pranks
Criminal ecosystem:
Data harvesters sell to fraudsters in a sophisticated market
Botnets and DDoS attacks are common tools used to launch widespread and disruptive attacks
Insider threats and nation-state actors are particularly dangerous
Cyberwarfare is real and increasing
Vulnerabilities
⇒ exist in every system touchpoint: software, hardware, user behaviour
●Common attack vectors:
-Phishing, social engineering
-Malware, SQL injection, website compromises
-Lost/stolen devices, unpatched software
●Security awareness and basic controls can help significantly
Taking Action - For Individuals:
Surf smart, stay updated, use antivirus and firewalls, encrypt data, manage
passwords wisely, and back up data
Taking Action - For Organizations:
-Use frameworks like ISO 27000 series, PCI DSS, HIPAA, etc.
-Realize that compliance isn’t security
⇒ security requires a culture of continuous vigilance
-Implement access control, firewalls, honeypots, intrusion detection, patch
management, and audits
-Develop recovery and incident response plans
-Engage employees at every level, from the boardroom to interns
Factors driving insider risk
●Growth in IT complexity and outsourcing
●Use of personal devices and social media
●Motivations: revenge, money, ideology, coercion
Managers in the Dark:
●Managers are largely ignorant of insider threats
●They view security as somebody else’s job – usually the IT department’s
-Few managers recognize the importance of observing unusual employee
behaviour to obtain advance warning of attack
●Few IT groups are given guidance regarding which information assets are most
critical, what level of risk is acceptable, or how much should be invested to prevent
attacks
Common practices that don’t work:
-Access controls ⇒ rules that prohibit people from using corporate devices for
personal tasks will not keep them from stealing assets
-Vulnerability management ⇒ security patches and virus checkers will not
prevent or detect access by malevolent authorized employees or third parties
using stolen credentials
-Strong boundary protection ⇒ putting critical assets inside a hardened
perimeter will not prevent theft by those authorized to access the protected
systems
-Password policy ⇒ mandating complex or frequently changed passwords
means that they often end up on post-it notes – easy pickings for someone
with physical access
-Awareness programs ⇒ Simply requiring employees to read the company’s
IT security policy annually will not magically confer cyber awareness on them.
Nor will it prevent staff members from taking harmful actions
Recommended Actions:
- Develop insider policies: Clear, enforced, understood at all levels
- Monitor behaviours: Track access, detect anomalies, and perform audits
- Screen vendors and hires: Check for red flags in background and behaviour
- Promote culture of awareness: Make cybersecurity a shared responsibility like
safety or quality
- Limit access & privileges: Use “least privilege” principle – employees only get
access to what they need ⇒ regularly audit high-privilege accounts
- Use real-time detection tools: Focus on exfiltration detection, not just infiltration
How can an employee or vendor be the biggest threat?
●Legitimate access: Insiders already have access to systems, unlike external
hackers
●Vendors and contractors may use shared credentials or be loosely monitored
●Unintentional risks: Employees can fall for phishing, lose devices, or use insecure
apps
●Malicious insiders: Disgruntled employees may intentionally sabotage or steal data
Motivations behind insider cyber threats:
-Financial Gain – Selling sensitive data on the dark web or blackmailing the company
-Revenge – Disgruntled employees wanting to harm the organization
-Recognition or Ego – Showing off technical prowess or power
-Ideology/Activism – Political or ethical motives
-Coercion/Blackmail – Forced to act by external threats
-Loyalty to Others – Assisting someone else, e.g., a family member or third party
What is Shadow IT?
●Use of unauthorized tools or systems by employees
●Arises from a desire to increase work efficiency but poses cybersecurity risks
●Shadow IT often emerges because official IT solutions are slow, restrictive, or
unhelpful
Risk of Shadow IT
-Data loss and leakage
-Regulatory violations
-Increased vulnerability to cyberattacks
-Poor data integration and malware spread
-Insider threats: Shadow IT often operates beneath the IT department’s radar
Types of Shadow IT Users
●GOAs (Goal-Oriented Actors):
-Tech-savvy, aware of cybersecurity
-Use shadow IT intentionally and responsibly
-Often innovative and solution-driven
●Followers:
-Mimic GOAs but lack technical and cybersecurity awareness
-Higher risk due to uninformed behavior
10-Point Strategy (key recommendations):
- Accept that shadow IT can’t be fully eliminated
- Assess business risks and evaluate threat vs. benefit
- Select and enforce cybersecurity policies carefully
- Educate users about risks and policy rationale
- Avoid blocking employee productivity
- Create a User Experience (UX) team to liaise with users
- Use chatbots to scale support and feedback
- Reward useful shadow IT innovations
- Manage GOAs and Followers differently (support GOAs, guide followers)
- Collaborate with GOAs as IT partners and idea contributors
MP1 Archetype
- 500 employees
- Media industry
- Values and culture: security and innovation
Technical and organizational measures: Strict technical and organizational restrictions. Awareness raised with employment at MP1 and in media industry
Enforcement: Strict, severe and certain sanctions
Communication: Constantly seeking feedback on user needs. Encouragement and promotion of new IT proposals with non-monetary rewards. Explanations of failed/not-implementable requests and required restrictions, discussion of alternative solutions
Responsiveness: Swift, agile, efficient responses to compete with dynamic market requirements
Shadow IT use: Very little
GK2 Archetype
- 35,000 employees
- Manufacturing industry
- Values and culture: Entrepreneurship, market orientation, flexibility, hands-on approach
Technical and organizational measures: Technical restrictions that are open for discussion and adaptation
Enforcement: Case-by-case basis. No strict sanctions if shadow IT use is deemed to be in GK2’s interest
Communication: Active encouragement of questioning cybersecurity policies, discussing adjustments, proposing novel IT
Responsiveness: Slow adaptation of cybersecurity policies and introduction of new IT solutions, unless top management has a pressing need
Shadow IT use: Occasional
DB3 Archetype
- 400,000 employees
- Automotive industry
- Values and culture: Control, rules and compliance, hierarchy, mistrust
Technical and organizational measures: Strict technical and organizational restrictions dictated by IT department. Compliance monitoring and controls
Enforcement: Sanctions inconsistent and mild. Consequences incomprehensible or ridiculous
Communication: Minimal communication and coordination with users and their needs. Lack of service mindset. Technically unskilled and disinterested leaders
Responsiveness: Lengthy and rare IT implementation of projects. Inaccessible, unhelpful IT support
Shadow IT use: Very frequent
MF4 Archetype
- 20,000 employees
- Automation/technical education industry
- Values and culture: flexibility, trust, security
Technical and organizational measures: Minimal technical restrictions. Regular employee cybersecurity and privacy awareness training
Enforcement: Trust and responsibility delegated to employees. Severe sanctions expected only for deliberate negligence
Communication: Company suggestion program for novel ideas with financial participation. IT support
Responsiveness: Responsive IT department and support
Shadow IT use: None possible/necessary